Low severity3.3NVD Advisory· Published Oct 21, 2025· Updated Apr 29, 2026

CVE-2022-4981

Description

A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is sufficient to resolve this issue. The patch is identified as 957fb31e5. Upgrading the affected component is advised.

Affected products

Dcmtk/Dcmtk
cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*
Range: <3.6.8

Patches

59f75a8b50e5

https://github.com/dcmtk/dcmtkvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

shimo.im/docs/e1Azd4dDQXUgOGqW/nvdExploitThird Party Advisory
shimo.im/docs/e1Azd4dDQXUgOGqW/readnvdExploitThird Party Advisory
support.dcmtk.org/redmine/issues/1026nvdExploitIssue TrackingVendor Advisory
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000